Cybercrime is becoming increasingly sophisticated. Hackers motivated by money, politics or pure malice can access a thriving black market for malware and wreak havoc at the push of a button. At Origo, we help our customers to mitigate against cyber attacks by protecting them with state-of-the-art security solutions. A new partnership between Origo and Cloudflare, the leading vendor in DDoS protection and web application firewalls, is enabling us to protect customers against the biggest cyber threat of all.
In the autumn and winter of 2012, six banks in the US were targeted by a cyber attack that clogged their systems with over 60gb of data per second, slowing them to a debilitating crawl. For three days, customers were unable to access their money nor make online payments. Anger raged.
These were not small, vulnerable banks; JPMorgan Chase, Citigroup, Bank of America, US Bank, Wells Fargo and PNC. They were big, vulnerable banks – vulnerable to the threat of DDoS attacks.
DDoS stands for distributed denial of service and it is a form of hacking whereby huge volumes of traffic are directed to the victim’s servers, forcing them to a grinding halt. There are various forms of DDoS attack and new tactics are being unearthed every year. This particular attack was not the first, nor was it the biggest, but it was remarkable in that the criminals behind it tried a number of different methods to see which would cause the most damage.
Hackers are able to generate these massive volumes of traffic by networking servers that they have infiltrated, usually via the use of spam emails. Spam may seem old-fashioned these days, but it remains a primary tactic for bad actors wishing to place malware on company systems.
In the years since 2012, DDoS attacks have increased year on year and the range of tactics continues to grow. Historically the first quarter of every year has always seen a higher prevalence of attacks than the second and third. That is until this year.
2020 saw the first ever rise in the number of DDoS attacks in Q2 over Q1, due largely to the COVID-19 pandemic and high-profile political events, such as constitutional voting in Russia and the Black Lives Matter protests in the US. The Minneapolis police website, for example, was temporarily knocked out by hackers and in Russia, the Central Election Commission and another constitutional information website were both hit.
For any organisation that relies on its online systems to keep processes flowing and customers satisfied, a DDoS attack is more than just a headache. The impact is fourfold as victims have to find resources to recover and secure compromised data, communicate with regulators and customers, pay regulatory penalties and restore their systems with a new, more robust wall of security. The cost in dollars can run to millions; the cost in reputation can be even higher.
The challenge for organisations trying to protect themselves against such attacks is differentiating between malicious traffic and normal traffic. A surge in traffic to your website won’t always ring alarm bells. If you’ve just launched a new product or a special offer, for example, that sort of surge is exactly what you want to see.
With DDoS attacks, the surge becomes a tidal wave. The biggest attack to date, aimed at the developer’s resource site Github, peaked at 1.3Tbps. When the wave strikes, you need a way to deflect all that traffic away from your systems.
That’s where Cloudflare comes in. With over 13 million internet properties in 150 countries, Cloudflare has built an intelligent global network through which every website in the Cloudflare community is routed. The delivery of web pages is automatically optimised so visitors get the fastest page load times and best performance, and if someone does try to hit you with a DDoS attack, the network absorbs the impact. Cloudflare’s 42Tbps global network is 15 times bigger than the largest DDoS attack ever recorded.
In November Americans go to the polls. The forthcoming US Presidential Election is already one of the most contentious in history and the integrity of the vote is paramount. For Rich Schliep, Chief Technology Officer, Colorado Department of State, protecting the local voters’ website from malicious attack was a major concern.
“Being able to have an infrastructure that can handle a large-scale DDoS attack is very expensive and not really available for a small agency, or even a larger agency,” he says. “We needed something that made it instantaneous, so that if we came under some kind of attack, we could block it and no-one would even notice.”
Cloudflare came forward with a free service for state and local governments across the US. Named the Athenian Project, it protects the security and performance of election websites, and thus American democracy as a whole.
“That really provides a lot of confidence,” says Schliep, “not only for me but also for our voters. It’s important for them to know that our systems are rock solid, they continue to run and that their vote does count.”
If the security and performance of your website is crucial to the success of your businesses, Origo’s partnership with Cloudflare can give you confidence you need. With protection against spam as well as DDoS and other attacks, a medium-sized business can save thousands of hours a year by reducing the amount of spam coming into their employees’ inboxes, as well as reducing the risk of opening the door to malware.